Re: Euro-move to key-escrow encryption


Sender: LECLERC YVES <•••@••.•••>

On Sat, 14 Oct 1995, Cyber Rights wrote:

>     To detect pornographers and criminals, the [European] commission is
>     seeking legal powers to prevent people from using secret codes on the
>     Internet which it cannot crack.
>     But Dr. Peter Lammer, managing director of a supplier of encryption
>     software said: 'This plan would never work because people wishing
>     to evade it could legitimately use layers of encryption'.

Instead of campaigning against encryption restrictions, we have a simple
way of making them useless -- as partly suggested here by Lammer. The
solution is twofold:

a) Encourage everyone to use PGP freeware in a routine way for their
personal communications, so that any legislation comes after the fact.
  For the next few months, it should be systematically offered and easily
downloaded to everyone using the relevant newsgroups and listservs, to
every visitor to the numerous activist home pages. The use of it should
be made more user-friendly, through work financed, if need be, by the
various interested groups (EFF, CPSR and their equivalents in other
  It should also be translated (and adapted if necessary) for
every national language. When millions of people have started using it
everyday, it will be just about impossible to ban without encountering a
massive opposition not only from activists, but from ordinary citizens.

b) Lammer's suggestion should be followed for all business documents:
PGP-encoded messages should be re-encrypted with RSA, Secure Netscape and
other key-escrow commercial products.
  This way, the "illegal" encoding of business communications will be
hidden by the "legal" level and it'll be very hard for the authorities to
prove this practice without submitting to the heavy workload (and expense)
of decoding a large number of messages from thousands of sources...
probably a daunting task in view of the slim returns to be expected.

This precaution shouldn't be necessary for private mail, since this is
supposed to be inviolate in nearly all countries unless law-enforcing
authorities have a strong presumption of guilt against the sender (and,
in most case, must demonstrate this to the satisfaction of a judge which,
IMHO, is a reasonable approach).

I doubt that police and governments will risk going to Court on this with
a weak case or -- worse -- on a fishing expedition, for fear of their
action being declared inconstitutional (or against the UN Citizens' Rights
covenant, where the country has signed it), thus losing even this
potential weapon.

> 1) Encryption or code is merely a language and so one would have to
> legislate that a language which cannot be understood is illegal. How good
> is  your understanding of provincial dialect Zulu? And what would the US
> constitution say about banning languages?

I'd say beware of this: it may be valid in the US, but won't stand at the
international level, where restrictions on language use are common, often
considered necessary and generally accepted. Only about 4% of the world
live under the US Constitution, and the rest (especially those numerous
countries that have suffered in American hands in the past -- Yankees tend
to have a very forgetful memory about this, but others don't) may not
welcome such an approach. More generally, basing any civil rights
proposition about the Internet on the US Constitution is, at best, a
dubious strategy except where the issue is clearly local.

Finally, a *philosophical* caveat to the defenders of all-out individual
rights:  Don't forget that privacy and openness are irreconcilable
enemies. What you give one MUST be taken from the other. So if you insist
on total privacy protection for yourselves, you'll get total information
blackout from governments and public agencies as well, whose
communications and documents will (rightly) be protected by the same walls
you erect around your own.

Before going that road, think whether it's what you truly want. If not,
we'd better start looking for an acceptable compromise which would allow
reasonable protection for law-abiding citizens, while still retaining some
openness and accountability in public authorities.

But this is a whole other debate... which I believe at least as
important as the key-escrow battle itself.

Yves Leclerc          Dead-End Democracy? or open-ended government...
<•••@••.•••>    Montreal, Quebec

 Posted by Andrew Oram  - •••@••.••• - Moderator: CYBER-RIGHTS (CPSR)
You are encouraged to forward and cross-post messages for non-commercial use,
pursuant to any redistribution restrictions included in individual messages.